{"id":15690215,"url":"https://github.com/developer-guy/gophercon-turkiye-2021-hands-on","last_synced_at":"2025-05-07T23:27:36.492Z","repository":{"id":104876883,"uuid":"371815180","full_name":"developer-guy/gophercon-turkiye-2021-hands-on","owner":"developer-guy","description":"GopherCon Turkiye 2021 - Kubernetes'i kendi ihtiyaçlarımıza göre nasıl özelleştirdik ?","archived":false,"fork":false,"pushed_at":"2021-05-30T09:11:49.000Z","size":199,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-26T05:41:27.795Z","etag":null,"topics":["gcloud","gke","gke-cluster","go","golang","google-cloud-function","google-cloud-functions","google-kubernetes-engine","kubernetes","validating-admission-webhook","validating-webhook"],"latest_commit_sha":null,"homepage":"https://gist.github.com/developer-guy/7157267bd276fa52d02effbadfaa022a","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/developer-guy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-28T20:47:53.000Z","updated_at":"2023-06-22T11:44:26.000Z","dependencies_parsed_at":null,"dependency_job_id":"7f5d09ce-4e9e-4c91-a6f9-71c5a339c3e0","html_url":"https://github.com/developer-guy/gophercon-turkiye-2021-hands-on","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Fgophercon-turkiye-2021-hands-on","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/reposito
ries/developer-guy%2Fgophercon-turkiye-2021-hands-on/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Fgophercon-turkiye-2021-hands-on/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Fgophercon-turkiye-2021-hands-on/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/developer-guy","download_url":"https://codeload.github.com/developer-guy/gophercon-turkiye-2021-hands-on/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243042902,"owners_count":20226720,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gcloud","gke","gke-cluster","go","golang","google-cloud-function","google-cloud-functions","google-kubernetes-engine","kubernetes","validating-admission-webhook","validating-webhook"],"created_at":"2024-10-03T18:08:20.174Z","updated_at":"2025-03-11T13:31:56.887Z","avatar_url":"https://github.com/developer-guy.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"## GopherCon Turkiye 2021 - Kubernetes'i kendi ihtiyaçlarımıza göre nasıl özelleştirdik ?\n\n![webhook](./assets/validating_webhook.png)\n\n\u003e Slides: https://docs.google.com/presentation/d/1v-pwXe5izWIF9v_pkpsjqb2c-2CZe9EEDda17tqaVgg/edit?usp=sharing\n\n### Prerequisites\n\n* gcloud 342.0.0\n* Kubernetes v1.19.9\n* kubectl v1.21.1\n\n### Tutorial\n\nStart with defining the name of GKE (Google Kubernetes Engine) Cluster as an environment variable.\n\n```bash\n$ export 
GKE_DEMO_CLUSTER_NAME=gophercon-turkiye-2021-hands-on\n```\n\nLet's create the GKE Cluster.\n```bash\n$ gcloud container clusters create $GKE_DEMO_CLUSTER_NAME --num-nodes=2\n```\n\nOnce it's created, fetch the cluster credentials so you can work with `kubectl`, a CLI tool for interacting with Kubernetes.\n```bash\n$ gcloud container clusters get-credentials $GKE_DEMO_CLUSTER_NAME\n```\n\nVerify that everything is working before moving on to the next step.\n\n```bash\n$ kubectl get nodes -o wide\n```\n\nNow, it is time to deploy our first Google Cloud Function.\n\n```bash\n$ gcloud functions deploy Validate --runtime go113 --trigger-http --allow-unauthenticated\n```\n\nOnce it's deployed, let's grab the URL of the function for later use.\n```bash\n$ CLOUD_FUNCTION_URL=$(gcloud functions describe --format=json Validate | jq -r '.httpsTrigger.url')\n$ echo $CLOUD_FUNCTION_URL\n```\n\nNow we are ready to register this function as a `ValidatingWebhookConfiguration` in our cluster.\n\n```bash\n$ cat \u003c\u003cEOF | kubectl apply -f -\napiVersion: admissionregistration.k8s.io/v1\nkind: ValidatingWebhookConfiguration\nmetadata:\n name: validatelabel\nwebhooks:\n- name: us-central1-developerguy-311909.cloudfunctions.net\n  clientConfig:\n    url: $CLOUD_FUNCTION_URL\n  rules:\n  - apiGroups: [\"\"]\n    apiVersions: [\"v1\"]\n    resources: [\"pods\"]\n    operations: [\"CREATE\"]\n    scope: Namespaced\n  namespaceSelector:\n    matchLabels:\n      gophercon.turkiye/validation: enabled\n  admissionReviewVersions: [\"v1\"]\n  sideEffects: None\n  failurePolicy: Fail\nEOF\n```\n\n### Test\n\nThere are two manifests in the repo: one contains a valid Pod manifest, and the other contains an invalid Pod manifest.\n\nBefore applying them, we should add a `gophercon.turkiye/validation` label to the namespace with the value `enabled`.\n\n```bash\n$ kubectl label namespace default gophercon.turkiye/validation=enabled\n```\n\nLet's apply the invalid one first.\n```bash\n$ 
kubectl apply --filename pod-invalid.yaml\n```\n\nLet's apply the valid one.\n```bash\n$ kubectl apply --filename pod-valid.yaml\n```\n\n### Furthermore\n\nIf you want to deploy your own Kubernetes Admission Webhook without using Google Cloud Functions, you have to manage your own TLS certificates, because the Kubernetes API Server can only establish TLS connections with the webhook. This means that you have to run your webhook on port `443`, or at least forward your webhook server from port `443`. There are various options to do that: one is managing self-signed CA certificates, and another is creating certificates based on the Kubernetes CA.\n\nFor more detail about them, you can take a look at our solution called [k8s-webhook-certificator](https://github.com/Trendyol/k8s-webhook-certificator).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeveloper-guy%2Fgophercon-turkiye-2021-hands-on","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeveloper-guy%2Fgophercon-turkiye-2021-hands-on","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeveloper-guy%2Fgophercon-turkiye-2021-hands-on/lists"}